You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2020/10/01 09:23:39 UTC

[tomcat] 02/02: Fix BufferOverflowException reported on users list

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit e2f9266306efc79c4171e1a49cb20d41b8f0f036
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Oct 1 10:21:17 2020 +0100

    Fix BufferOverflowException reported on users list
---
 java/org/apache/tomcat/util/net/SocketBufferHandler.java | 11 +++++++++++
 webapps/docs/changelog.xml                               |  5 +++++
 2 files changed, 16 insertions(+)

diff --git a/java/org/apache/tomcat/util/net/SocketBufferHandler.java b/java/org/apache/tomcat/util/net/SocketBufferHandler.java
index d066240..78adf30 100644
--- a/java/org/apache/tomcat/util/net/SocketBufferHandler.java
+++ b/java/org/apache/tomcat/util/net/SocketBufferHandler.java
@@ -27,6 +27,17 @@ public class SocketBufferHandler {
         @Override
         public void expand(int newSize) {
         }
+        /*
+         * Http2AsyncParser$FrameCompletionHandler will return incomplete
+         * frame(s) to the buffer. If the previous frame (or concurrent write to
+         * a stream) triggered a connection close this call would fail with a
+         * BufferOverflowException as data can't be returned to a buffer of zero
+         * length. Override the method and make it a NO-OP to avoid triggering
+         * the exception.
+         */
+        @Override
+        public void unReadReadBuffer(ByteBuffer returnedData) {
+        }
     };
 
     private volatile boolean readBufferConfiguredForWrite = true;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 08a8aad..65c8e01 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -140,6 +140,11 @@
         Don't send the Keep-Alive response header if the connection has been
         explicitly closed. (markt)
       </fix>
+      <fix>
+        Avoid a <code>BufferOverflowException</code> if an HTTP/2 connection is
+        closed while the parser still has a partial HTTP/2 frame in the input
+        buffer. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org